NSA Official Suggests North Korea Was Culprit in Bangladesh Bank Heist

The deputy director of the NSA says he believes states have entered the bank-robbing business.

A senior National Security Agency official appeared to confirm that North Korean computer hackers were behind a multi-million dollar heist targeting Bangladesh’s central bank last year.

Computer hackers attempted to steal $951 million, but only got away with $81 million, some of which was later recovered. After the theft, security firms quickly pointed the finger at North Korea. Other experts disputed that finding. But on Tuesday, NSA Deputy Director Rick Ledgett appeared to say North Korea was the culprit during a cryptic exchange at a Washington forum.

Speaking at an Aspen Institute roundtable, Ledgett pointed out that private sector researchers had linked the digital break-in in Bangladesh to the 2014 hack on Sony Pictures, which the U.S. government attributed to Pyongyang.

“If that linkage from the Sony actors to the Bangladeshi bank actors is accurate — that means that a nation state is robbing banks,” Ledgett said. “That’s a big deal.”

The moderator of the event, former Assistant Attorney General for National Security John Carlin, quickly followed up: “Do you believe that there are nation states now robbing banks?”

Ledgett offered a simple answer: “I do.”

While the NSA, America’s premier spy agency, has far greater insight into North Korean cyber operations than private security firms, Ledgett’s remarks studiously avoided any reference to what evidence the agency has collected on the Bangladeshi heist. They stopped short of an official U.S. government statement that North Korea was behind the attack.

But Ledgett, a 30-year veteran of the agency due to retire later this year, would be unlikely to lend his credibility to reports that do not match his agency’s findings. “I think the public case was well-made,” Ledgett told Foreign Policy. The NSA declined to comment beyond Ledgett’s public remarks.

The alleged attempt by North Korean hackers to break into a bank and attempt to steal just short of $1 billion alarmed many in the cybersecurity world and marked a significant escalation of its behavior in cyberspace. Computer security experts described the heist as technically sophisticated and one that cemented Pyongyang as one of the world’s most capable — and daring — actors in cyberspace.

Ledgett’s comments come as the hermit kingdom is increasingly starved for cash. The United Nations has stepped up sanctions against Pyongyang and is examining North Korean front companies in China that allow it to secure much-needed foreign currency.

Meanwhile, the international community is ratcheting up pressure on North Korea after a series of missile and nuclear tests. U.S. Secretary of State Rex Tillerson recently said that the United States may be willing to take preemptive military action against North Korea’s nuclear program. China, meanwhile, has suspended coal imports from North Korea, in a measure of dissatisfaction toward its recalcitrant neighbor.

By attacking a bank and making off with large sums of money, North Korea can evade sanctions and obtain foreign currency, but so far, that effort has not delivered serious dividends for Pyongyang.